If your bank hasn’t been hacked yet, it soon will be

New APRA survey confirms that there’s no end to the cyber-carnage in sight.
It’s natural to freak out when you hear that an online service you use has been hacked. And if that service is your financial institution, the freaking out is likely to escalate. But the brutal reality is that it’s going to happen at some point.

APRA (the Australian Prudential Regulation Authority), which regulates financial services providers, recently surveyed the finance industry about how companies deal with attacks. And APRA is really blunt about what it discovered:

All APRA-regulated entities, and not only the largest of these entities, need to operate on the assumption that cyber attacks will occur, and that such attacks will remain a constant challenge. Furthermore, it would be prudent for these entities to operate on the assumption that cyber attacks will become both more frequent and more sophisticated over time.

Some sectors appeared more vulnerable than others: 75% of superannuation providers, for instance, reported at least one attack that warranted executive involvement to deal with, the highest proportion for any industry.

There’s a big difference between a successful cyber-attack and an attempt, of course. Well-designed security systems can thwart brute force attacks and quickly alert managers to unusual activity. But computer software can never be made 100% secure. Any company that claims it can do so is lying. And even if the security systems are well implemented, human beings represent a common point of failure.

Financial institutions work hard to ensure that these issues don’t topple them completely (even if Apple apparently thinks their efforts aren’t good enough). As a customer, the main thing you can do is avoid writing down your password, sharing it with other people, or signing into your bank account on unknown devices. It’s basic, but it really helps. (And don’t rely on password strength tests either.)